On 2/26/20, Gene Heskett <ghesk...@shentel.net> wrote: > On Wednesday 26 February 2020 13:50:40 Lee wrote: > >> On 2/26/20, Gene Heskett <ghesk...@shentel.net> wrote: >> > over the last 90 days or so, we seem to have been plauged with a new >> > breed of bots scanning our web pages, and they are not just indexing >> > our web pages I don't mind that, but they are ignoring our >> > robots.txt and are mirroring anything apache2 can reach, including >> > stuff thats there but not reachable by a normal browser just looking >> > around and clicking on links. >> >> <.. snip ..> >> >> > To add a new rule, covering that whole 256 address block because >> > they seem to have a random address, changed about weekly, in that >> > block: >> > >> > root@coyote:iptables$ cat iptables-add >> > >> > #!/bin/bash >> > iptables -I INPUT -s add.ress.to.block/24 -j DROP >> >> Have you considered REJECT instead of DROP? >> >> REJECT should send a RST telling the other side to give up now. >> DROP just drops the packet leaving the other side to retry until the >> retry limit is hit. >> >> Lee > > Thats been considered, but when they go away, they are attacking someone > else. And I'm just chrochety enough of an old fart to let them waste > their time, while saveing my upload bandwidth.
^shrug^ your network, your rules. But if you really want to slow them down, do like Reco suggested, >> one should consider using TARPIT Regards, Lee
